httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Stefan Eissing <stefan.eiss...@greenbytes.de>
Subject Re: mod_proxy_http2
Date Tue, 09 Feb 2016 17:21:08 GMT
I had the effect that when a socket was determined to be dead, the SNI was cleared and a new
connection was made without any SNI. So, I save the first ssl_hostname I see and set that
on every new connection.

> Am 09.02.2016 um 15:42 schrieb Yann Ylavic <ylavic.dev@gmail.com>:
> 
> On Mon, Feb 8, 2016 at 6:07 PM, Stefan Eissing
> <stefan.eissing@greenbytes.de> wrote:
>> 
>> One thing: the ssl_hostname that is used for SNI by the generic proxy utils seems
to get lost when the socket needs to reset and is then not available on the next connect.
That should affect mod_proxy_http as far as I can tell. Maybe someone with more experience
in that module wants to take a look.
> 
> This is intended (for http/1 at least), why is it an issue?
> When mod_proxy closes the backend connection, it indeed clears any
> associated SNI.
> But it sets the SNI for any new connection, based on the Host
> requested on that connection.
> Keep in mind that with "ProxyPreserveHost on" the requested Host may
> be the one given by the client, which may hence differ for each
> request (mod_proxy won't reuse a connection with a different SNI than
> the Host it requests).


Mime
View raw message